move all containers into their own mount namespace; fix typos in new configmap logic

helm-toolkit/templates/snippets/_k8s_init_dep_check.tpl

@@ -15,6 +15,7 @@
 {{- define "helm-toolkit.kubernetes_entrypoint_init_container" -}}
 {{- $envAll := index . 0 -}}
 {{- $deps := index . 1 -}}
+{{- $mounts := index . 2 -}}
 {
   "name": "init",
   "image": {{ $envAll.Values.images.dep_check | quote }},
@@ -66,6 +67,7 @@
       "name": "COMMAND",
       "value": "echo done"
     }
-  ]
+  ],
+"volumeMounts": {{ $mounts | quote | default "[]"}}
 }
 {{- end -}}

keystone/templates/configmap-etc.yaml

@@ -48,7 +48,7 @@ data:
 {{ .Values.conf.policy.override }}
 {{- else -}}
 {{ tuple "etc/_policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }}
-{{- end -}}
+{{- end }}
   mpm_event.conf: |+
 {{ tuple "etc/_mpm_event.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
   wsgi-keystone.conf: |+

keystone/templates/deployment.yaml

@@ -11,10 +11,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
-{{- $mounts := .Values.mounts.api }}
+{{- $mounts_keystone_api := .Values.mounts.keystone_api.keystone_api }}
+{{- $mounts_keystone_api_init := .Values.mounts.keystone_api.init_container }}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -38,7 +38,7 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.hash" }}
         pod.beta.kubernetes.io/init-containers: '[
-{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+{{ tuple $envAll $dependencies $mounts_keystone_api_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
         ]'
     spec:
       nodeSelector:
@@ -75,7 +75,6 @@ spec:
             tcpSocket:
               port: {{ .Values.network.port.api }}
           volumeMounts:            
-{{ toYaml $mounts.volumeMounts | indent 12 }}
+{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}
       volumes:
-{{ toYaml $mounts.volumes | indent 8 }}
-
+{{ toYaml $mounts_keystone_api.volumes | indent 8 }}

keystone/templates/etc/_policy.json.tpl

@@ -195,3 +195,5 @@
     "identity:update_domain_config": "rule:admin_required",
     "identity:delete_domain_config": "rule:admin_required",
     "identity:get_domain_config_default": "rule:admin_required"
+
+}

keystone/templates/job-db-init.yaml

@@ -14,7 +14,9 @@
 
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.init }}
-{{- $mounts := .Values.mounts.job_db_init }}
+{{- $mounts_keystone_db_init := .Values.mounts.keystone_db_init.keystone_db_init }}
+{{- $mounts_keystone_db_init_init := .Values.mounts.keystone_db_init.init_container }}
+
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -24,7 +26,7 @@ spec:
     metadata:
       annotations:
         pod.beta.kubernetes.io/init-containers: '[
-{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+{{ tuple $envAll $dependencies $mounts_keystone_db_init_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
         ]'
     spec:
       restartPolicy: OnFailure
@@ -47,7 +49,7 @@ spec:
             - bash
             - /tmp/init.sh
           volumeMounts:            
-{{ toYaml $mounts.volumeMounts | indent 12 }}
+{{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }}
       volumes:
-{{ toYaml $mounts.volumes | indent 8 }}
+{{ toYaml $mounts_keystone_db_init.volumes | indent 8 }}
 

keystone/templates/job-db-sync.yaml

@@ -14,7 +14,8 @@
 
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
-{{- $mounts := .Values.mounts.job_db_sync }}
+{{- $mounts_keystone_db_sync := .Values.mounts.keystone_db_sync.keystone_db_sync }}
+{{- $mounts_keystone_db_sync_init := .Values.mounts.keystone_db_sync.init_container }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -24,7 +25,7 @@ spec:
     metadata:
       annotations:
         pod.beta.kubernetes.io/init-containers: '[
-{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+{{ tuple $envAll $dependencies $mounts_keystone_db_sync_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
         ]'
     spec:
       restartPolicy: OnFailure
@@ -47,6 +48,6 @@ spec:
             - bash
             - /tmp/db-sync.sh
           volumeMounts:            
-{{ toYaml $mounts.volumeMounts | indent 12 }}
+{{ toYaml $mounts_keystone_db_sync.volumeMounts | indent 12 }}
       volumes:
-{{ toYaml $mounts.volumes | indent 8 }}
+{{ toYaml $mounts_keystone_db_sync.volumes | indent 8 }}

keystone/values.yaml

@@ -95,7 +95,9 @@ resources:
         cpu: "500m"
 
 mounts:
-  job_db_init:
+  keystone_db_init:
+    init_container: null
+    keystone_db_init:     
       volumes:
       - name: keystone-bin
         configMap:
@@ -104,7 +106,9 @@ mounts:
       - name: keystone-bin
         mountPath: /tmp/init.sh
         subPath: init.sh
-  job_db_sync:
+  keystone_db_sync:
+    init_container: null
+    keystone_db_sync:
       volumes:
       - name: empty
         emptyDir: {}
@@ -125,7 +129,9 @@ mounts:
         mountPath: /tmp/db-sync.sh
         subPath: db-sync.sh
         readOnly: true  
-  api:
+  keystone_api:
+    init_container: null
+    keystone_api:
       volumes:
       - name: empty
         emptyDir: {}